Download the PHP package leonardini/brontosaurus without Composer
On this page you can find all versions of the php package leonardini/brontosaurus. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download leonardini/brontosaurus
More information about leonardini/brontosaurus
Files in leonardini/brontosaurus
Package brontosaurus
Short Description PHP security auditor for websites
License MIT
Homepage https://brontosaurus.leonardini.dev
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package brontosaurus
Brontosaurus 
Brontosaurus is a security tool for your PHP website.
Current features include:
- Form tokens validation
Table of Contents
- Installation
- Getting Started
- Form Tokens
- Configuration
Installation
The easiest way to install Brontosaurus is with Composer:
If you prefer you can download the latest release and manually add the files to your project. Keep in mind that this is discouraged as you won't be able to easily update the library.
WARNING: Make sure to
require_onceevery file inside thesrcfolder
Getting Started
NOTICE: this tutorial assumes that you've installed Brontosaurus using Composer, if you haven't you can still follow this, but some parts would be different
To be able to use Brontosaurus you have to require_once the autoload.php file inside Composer's vendor folder.
This is actually the only thing you need to do to get Brontosaurus and all its tools up and running. For an usage example see the next section about Form Tokens
Form Tokens
When your website has a form, you usually want to receive submissions only from your legit page and not from other sources, such as unauthorized third-parties services.
Keeping in mind that this problem cannot be completely solved, Brontosaurus has a nice tool to help you make your forms a little bit more secure.
This works by generating a hidden random token every time the form page is loaded. The token is than sent to the server together with the form data and checked if its the same one saved in session. The user could have multiple browser tabs opened and to support that the last 20 tokens are saved in session (that number is customizable, check the configuration section).
The code you need on the form page is the following:
To check the validity of the token you will use:
Major info about the validation process could be obtained with $validation->getCode(). Give a look to ValidationCode enum.
Configuration
Brontosaurus can be configured through a yml file. To load the config file use
You can also unload your custom configs (default ones would be restored)
This is an example config file:
